Tuesday Newsday Jan 9 2024: A Blast From the Past, 2023 in Review.
2023 was a whirlwind of a year. There were ups and downs, lefts and rights, hacks, breaches, and much more. The internet chefs worked hard all year to ensure us common folk stay entertained. In their honor, let's go back over some of the major events from 2023 that you may have missed.
In May of 2023, the MoveIT file transfer software was compromised by a hacker group named Clop. Due to the widespread usage of this file transfer software, the effects have been both long-lasting and increasing in scope over time. As of late 2023, an estimated 62 million (likely more by now) people had their data compromised in some way. Over 2000 organizations have reported being attacked, ranging from government agencies, HR/Payroll solution companies, and healthcare providers.
For the unfamiliar, a geofence warrant (also known as reverse-location searches) was a method used by law enforcement to request all location data from a certain area where a crime was committed. This might mean that little Timmy Two Shoes who was walking next to the building that got robbed might be implicated in the robbery, and treated as a suspect, all for the crime of being in the wrong place at the wrong time.
Google's recent amendments to their location history collection practices mean that the data is stored for a shorter amount of time and is - in theory - no longer possible for the company itself to even access. This means they can no longer respond to geofence warrant requests from law enforcement.
Las Vegas saw two high-profile network breaches this year, one being Caesars Entertainment, and the other being MGM Resorts. Even though both of these breaches were done by the same cybercrime group known as Scattered Spider, the respective outcomes of each breach were very different.
On the one hand, in a move "akin to cutting the cheese in a packed elevator," Caesars Entertainment acquiesced to the hacker's demands; MGM did not. The fallout? Caesars appears to have mitigated the brunt of the cyberattack effects by forking up an estimated $15 million to the hackers. MGM, however, suffered roughly a week of outages and disruptions, costing an estimated $100 million, AND the stolen data was leaked.
Caesar's acquiescence comes with a different price, though, as cybersecurity firms warn that payment of such types of ransomware keeps the ransomware itself alive and thriving. "If nobody paid, there would be no more ransomware."
Researchers at Kaspersky disclosed a new zero-click iOS attack that goes by the name "Operation Triangulation," which is used to install the TriangleDB spyware on affected iPhones. The attack itself is a chain of four zero-day iOS vulnerabilities and is considered to be one of the most sophisticated iPhone attacks to date. Fortunately, the number of estimated affected devices remains low to non-existent (thus far).
This one is quick and easy: Worldwide genetics testing company 23andMe was breached, exposing the data of 6.9 million of its users. The company then proceeded to... Wait for it... Blame the users, saying that they "negligently recycled and failed to update their passwords." Yeah, I'm sure the courts are going to see it that way too...
What good yearly article doesn't include Denmark? Bad ones, which is why we're making sure that our Lego-loving Nordic friends don't feel left out. The charges? Being bad at hosting stuff (apparently).
CloudNordic, a Danish cloud host service, was hit with a massive ransomware attack that saw the attackers encrypt all server disks, including the backups. The company also said that it didn't have the funds to pay the ransomware (even if it wanted to), so basically anyone with data on those servers is S.O.L.
TL;DR
2023 was kinda fucked, especially if you're in the cybersecurity world. That's not to say it's all bad, though. The removal of geofencing as a tool for law enforcement is actually a huge deal for end-user privacy, and it's not getting the attention it deserves.
One thing remains crystal clear though: the internet can be a scary place sometimes. It's imperative to protect yourself online, and that starts with a proactive and comprehensive privacy strategy. Let Windscribe step in to do the heavy lifting for you.